> Date: Mon, 27 Oct 2008 15:01:26 -0700
> From: Jim Cortez <jim at jimcortez.com>
> Subject: [sf-lug] Hard Drive Wipe software
> To: SFLUG Mailing List <sf-lug at linuxmafia.com>
>> I have a friend who is planning on selling their laptop on Craigslist and
> needs to wipe the hard drive. Any recommendations for a user-friendly open
> software?
Depends on the threat model one is defending against - what's the level
of risk if the data falls into "the wrong hands", and what's the
probable level of resources (e.g. dollars) adversary may use to try to
access the data.
Boot Linux from CD (or USB, or network, etc.),
(replace /dev/hda, as appropriate, with the correct whole target hard
drive, e.g. /dev/sda)
My approximate rule of thumb:
adversary not willing to spend $1,000.00 USD or more and,
maximum risk if data exposed well under $1,000.00 USD:
# dd if=/dev/zero of=/dev/hda
adversary not willing to spend $1,000,000.00 USD or more and,
maximum risk if data exposed well under $1,000,000.00 USD:
# shred -n 7 -z /dev/hda
adversary willing to spend $1,000,000.00 USD or more,
maximum risk if data exposed $1,000,000.00 USD or more:
remove the platters, incinerate or pulverize
Note also: typical overwrites via software won't overwrite "bad sectors"
that have been mapped out at the hardware level. That data may be
recoverable or partially recoverable. Low level format, if available,
may overwrite or partially overwrite such sectors.
Sufficiently powerful electromagnet can wipe disk data, even without
opening the hard drive, and inlucing any mapped out "bad sectors" - it
will also render the drive unuseable. This is probably on the order of
as secure as # shred -n 7 -z /dev/hda plus similar effect on mapped out
sectors, with suffient field strength, exposure, and cycles, but less
secure than incineration or sufficient pulverization of the platters.
references:
shred(1)
dd(1)
Secure Deletion of Data from Magnetic and Solid-State Memory:
http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html